Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-20481 Missing Release of Resource after Effective Lifetime vulnerability in Cisco Firepower Threat Defense Software
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion.
network
low complexity
cisco CWE-772
5.8
2024-10-16 CVE-2024-20421 Cross-Site Request Forgery (CSRF) vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device.
network
low complexity
cisco CWE-352
6.5
2024-10-16 CVE-2024-20460 Unspecified vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input.
network
low complexity
cisco
6.1
2024-10-16 CVE-2024-20461 OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware
A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized.
local
low complexity
cisco CWE-78
6.0
2024-10-16 CVE-2024-20462 Insufficiently Protected Credentials vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device.
local
low complexity
cisco CWE-522
5.5
2024-10-02 CVE-2024-20509 Race Condition vulnerability in Cisco products
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process.
network
high complexity
cisco CWE-362
5.9
2024-10-02 CVE-2024-20513 Authorization Bypass Through User-Controlled Key vulnerability in Cisco products
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment.
network
low complexity
cisco CWE-639
5.3
2024-10-02 CVE-2024-20385 Improper Certificate Validation vulnerability in Cisco Nexus Dashboard Orchestrator
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device.  This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered.
network
high complexity
cisco CWE-295
5.9
2024-10-02 CVE-2024-20438 Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints.
network
low complexity
cisco CWE-862
5.4
2024-10-02 CVE-2024-20441 Unspecified vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint.
network
low complexity
cisco
6.5